[
https://issues.apache.org/jira/browse/RANGER-3413?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
wuyu updated RANGER-3413:
-------------------------
Description:
hi~,I have found a bug when i use /service/plugins/secure/services/grant api to
grant access to a hdfs path.
Firstly, I grant accesses to a none recursive path, the request body is like
{"grantor":"admin","grantorGroups":[],"resource":\\{"path":"/user/a/b"}
,"users":[""],"groups":["xxx"],"roles":["xxx","xxx"],"accessTypes":["read","execute","write"],"delegateAdmin":false,"enableAudit":true,"replaceExistingPermissions":false,"isRecursive":false}
then I grant accesses to the same path with recursive option, the request body
is like
{"grantor":"admin","grantorGroups":[],"resource":\\{"path":"/user/a/b"}
,"users":[""],"groups":["xxx"],"roles":["xxx","xxx"],"accessTypes":["read","execute","write"],"delegateAdmin":false,"enableAudit":true,"replaceExistingPermissions":false,"isRecursive":true}
then I found only one policy related to path "/user/a/b", and it is
non-recursive.
I expected two policies be found, one is recursive and the other is not.
was:
hi~,I have found a bug when i use /service/plugins/secure/services/grant api to
grant access to a hdfs path.
Firstly, I grant accesses to a none recursive path, the request body is like
{"grantor":"admin","grantorGroups":[],"resource":\{"path":"/user/a/b"},"users":[""],"groups":["xxx"],"roles":["xxx","xxx"],"accessTypes":["read","execute","write"],"delegateAdmin":false,"enableAudit":true,"replaceExistingPermissions":false,"isRecursive":false}
then I grant accesses to the same path with recursive option, the request body
is like
{"grantor":"admin","grantorGroups":[],"resource":\{"path":"/user/a/b"},"users":[""],"groups":["xxx"],"roles":["xxx","xxx"],"accessTypes":["read","execute","write"],"delegateAdmin":false,"enableAudit":true,"replaceExistingPermissions":false,"isRecursive":true}
then I found only one policy related to path "/user/a/b", and it is
non-recursive.
I expected two policies be found, one is recursive and the other is not.
!image-2021-09-14-17-42-30-764.png|width=845,height=474!
> ranger don't distinguish isRecursive when grant accesses to hdfs path
> ---------------------------------------------------------------------
>
> Key: RANGER-3413
> URL: https://issues.apache.org/jira/browse/RANGER-3413
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 2.1.0
> Reporter: wuyu
> Priority: Critical
>
> hi~,I have found a bug when i use /service/plugins/secure/services/grant api
> to grant access to a hdfs path.
> Firstly, I grant accesses to a none recursive path, the request body is like
>
> {"grantor":"admin","grantorGroups":[],"resource":\\{"path":"/user/a/b"}
> ,"users":[""],"groups":["xxx"],"roles":["xxx","xxx"],"accessTypes":["read","execute","write"],"delegateAdmin":false,"enableAudit":true,"replaceExistingPermissions":false,"isRecursive":false}
>
> then I grant accesses to the same path with recursive option, the request
> body is like
>
> {"grantor":"admin","grantorGroups":[],"resource":\\{"path":"/user/a/b"}
> ,"users":[""],"groups":["xxx"],"roles":["xxx","xxx"],"accessTypes":["read","execute","write"],"delegateAdmin":false,"enableAudit":true,"replaceExistingPermissions":false,"isRecursive":true}
>
> then I found only one policy related to path "/user/a/b", and it is
> non-recursive.
> I expected two policies be found, one is recursive and the other is not.
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
